Google Faces Fines in EU After Failing to Fix Privacy Policy

Google Inc. (GOOG) faces possible fines
after six European Union data protection regulators started
“coordinated” enforcement measures over the company’s failure
to fix flaws in a new privacy policy.

Today’s joint decision follows a deadlock at a March 19
meeting between Google and the data watchdogs, France’s National
Commission for Computing and Civil Liberties said in a statement
on its website. It’s now up to national regulators to pursue the
company according to their own rules and powers, CNIL said.

“The authorities’ goal is not to fine Google,” said
Isabelle Falque-Pierrotin, chairwomen of the French agency,
which led a taskforce of data authorities also from the U.K.,
Germany, Spain, Italy and the Netherlands. “The goal is for
Google to be in line with what we demand.” CNIL could levy a
maximum fine of 150,000 euros ($192,300), she said in a phone
interview.

Google, operator of the world’s largest search engine,
faces privacy investigations by authorities around the world as
it debuts new services and steps up competition with Facebook
Inc. for users and advertisers. Google last year changed its
system to create a uniform set of policies for more than 60
products, unleashing criticism from regulators and consumer
advocates concerned it isn’t protecting data it collects.

“Our privacy policy respects European law and allows us to
create simpler, more effective services,” Al Verney, a
Brussels-based spokesman for Google, said in an e-mail. “We
have engaged fully with the data protection authorities involved
throughout this process, and we’ll continue to do so going
forward.”

Google CEO

The Article 29 Data Protection Working Party, which
comprises national privacy authorities in the EU, wrote to
Google Chief Executive Officer Larry Page in October, saying
Google “empowers itself to collect vast amounts of personal
data about Internet users” without demonstrating that this
“collection was proportionate,” and asking the company to
bring its policy in line with EU rules.

Today’s announcement by the taskforce of six agencies
builds on work done by the EU group in the past year, said
Falque-Pierrotin.

The CNIL chief warned last year the French authority may
fine Mountain View, California-based Google for not complying,
calling it “probable” that other European agencies would
pursue Google.

Financial Sanctions

“I am not prejudging any fines that may be levied,”
Falque-Pierrotin said. “We are in a continued process of
dialogue with Google and the whole process can be stopped at any
moment if Google puts its systems in line with our demands.”
Still, as things stand now, Google is in breach of European law,
she said. “We have said so since October.”

Any financial sanctions would happen in the second half of
this year,” she said. A “first burst of action will happen
before the summer, with the different authorities analyzing
Google’s failures in line with their national laws.”

One of the shortcomings identified by the EU regulators in
October was a lack of information to people about how their data
is used, she said.

The taskforce of six agencies is represented in Germany by
Johannes Caspar, the data protection commissioner for Hamburg.

“We want to show after one year of talks with Google that
we are being serious and are taking action,” Caspar said in a
phone interview.

Any action in Germany would be taken in coordination with
all of the country’s privacy bodies, he said. Hamburg took
responsibility for the action in the country because Google has
its main German base in the city, said Caspar.

U.K. Agency

The U.K.’s privacy watchdog said in a separate statement it
started an “investigation into whether Google’s revised March
2012 privacy policy is compliant with the Data Protection Act.”

In February, CNIL said Google could face “repressive
actions” by various privacy authorities after failing to give
“precise and effective” responses to the EU group’s
recommendations. Google said then that it had answered on Jan.
8, listing changes it’s made to improve the protections and
asking to meet to discuss the case.

“Consumers are increasingly concerned about how their data
is being used and it is essential that those breaking the law
are properly punished,” Nick Pickles, director of privacy group
Big Brother Watch, said in an e-mailed statement. “It is
essential regulators find a sanction that is not just a slap on
the wrists and will make Google think twice before it ignores
consumer rights again.”

Google Defiance

Earlier in the EU probe, Google twice defied requests to
delay implementing the streamlined privacy policy until CNIL
could review it. Google then gave what CNIL called “often
incomplete” information in response to a list of 69 questions,
earning a rebuke in May last year and more questions.

CNIL’s heaviest fine to date was 100,000 euros against
Google in 2011 for breaches related to its Street View mapping
service.

Viviane Reding, the EU’s justice commissioner, who is
seeking tougher penalties for data privacy lapses, said she
welcomed today’s steps against Google.

“It is good to see that six national data protection
authorities are teaming up to enforce Europe’s common data
protection rules,” she said in an e-mailed statement.

“Data protection authorities speak louder with one voice
than with 27,” Reding said. “Such concerted actions need to
evolve from the exception to the rule -- that’s exactly what the
EU data protection reform will make sure of.”

Reding last year proposed allowing national authorities to
fine companies as much as 2 percent of yearly global sales for
“intentionally or negligently” violating the rules. The
overhaul is under consideration by the European Parliament and
EU governments.